Web開発者と情報セキュリティの入門者が必ず知っておくべきWebハッキング&セキュアコーディング
crehacktive
情報セキュリティ入門者とWeb開発者のためのWebハッキング入門講義!今回の講義をはじめ、Webハッキングを楽しく始めましょう!
초급
Penetration Testing, Injection
BEST
Web hacking that teaches you the principles by following along: WebGoat
A web hacking course where you can learn, practice, and understand the principles by simply following along with WebGoat problem solving!
Reviews from Early Learners
What you will learn!
What is WebGoat?
Learning about application of vulnerabilities for various web functions
How to diagnose OWASP Top 10 items
Practice vulnerabilities in the WebGoat virtual environment and take your web hacking skills to the next level!
💡 WebGoat, a popular virtual environment for web hacking practice!
WebGoat is a web application built on Java. It has a vulnerability environment configured for each web hacking vulnerability item, and allows for practice with various functional vulnerabilities.
💡 A lecture for applied learning after the introductory web hacking lecture!
This course is for applied learning in various environments, following the introductory web hacking course for web developers and information security beginners!
📖 A lecture where you can learn, practice, and understand the principles by simply following along!
Through WebGoat problem-solving exercises, you can easily learn web hacking, master attack methods, and understand the principles of vulnerabilities.
📝 Web hacking vulnerabilities covered by WebGoat
The vulnerability items are mainly composed of OWASP Top 10 items.
- Injection
- SQL Injection
- Path traversal - Broken Authentication
- Authentication Bypasses
- JWT tokens
- Password reset
- Secure Passwords - Sensitive Data Exposure
- Insecure Login - XML External Entities (XXE)
- Broken Access Control
-Insecure Direct Object References
- Missing Function Level Access Control - Cross-Site Scripting (XSS)
- Insecure Deserialization
- Vulnerable Components
- Request Forgeries
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF) - Client side
- Bypass front-end restrictions
- Client-side filtering
- HTML tempering
Please check before taking the class!
- This lecture was created using WebGoat version 8.1.0 .
💡 Must-see lectures
Basic SQL Grammar for Successful SQL Injection Attacks
Basic Steps to Mastering SQL Injection Attacks
Basic Steps to Mastering SQL Injection Attacks
What web developers must know,
Web Hacking, Security, and Secure Coding
Web hacking course for web developers and information security beginners!
Web Hacking, Security, and Secure Coding
Web hacking course for web developers and information security beginners!
Recommended for
these people
Who is this course right for?
Information Security Beginner
Web Developer
IT major
Anyone curious about web hacking
Need to know before starting?
Web Basics
Web Proxy
Web Hacking Basics
25,761
Learners
1,345
Reviews
497
Answers
4.9
Rating
18
Courses
:: 국내 정보보안 솔루션 개발 기업 재직 ::
- 앱 위변조 방지 솔루션 : 미들웨어 담당 / 해킹 대회 운영진 / 국내 유명 해킹/방어 훈련장 제작
:: 국내 정보보안 전문 업체 재직 ::
- 블랙박스 모의해킹 / 시나리오 기반 모의해킹 / 웹 취약점 진단 / 모바일 취약점 진단 / 소스코드 취약점 진단 / APT 모의 훈련 / DDoS 모의훈련 / 인프라 진단 / 스마트 가전 진단
- 국내 대기업, 중소기업 다수 진단
:: 외부 교육 및 활동 ::
- 멀티캠퍼스, 국가 보안 기술 연구소(ETRI)
- 국내 정보보안 업체 : 재직자 대상 "웹 모의해킹 심화 교육" 진행중
- 해커팩토리 문제 제작
:: 취약점 발견 ::
1) Web Application Server 취약점
- TMAX JEUS : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
- IBM WebSphere(CVE-2020-4163) : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
2) CMS(Contents Management System) 취약점
- 네이버 스마트에디터 : 파일 업로드 취약점
- 그누보드 : SQL Injection , 파일 업로드 취약점(그누보드4, 그누보드5), XSS ...
- 킴스큐 : 파리미터 변조 취약점 , 파일 업로드 취약점
* 이메일 : crehacktive3@naver.com
* 블로그 : http://www.crehacktive.co.kr
Curriculum
All
91 lectures ∙ (11hr 50min)
Published:
Last updated:
Reviews
All
23 reviews
5.0
23 reviews
anwi505152585Reviews 5
∙
Average Rating 5.0
5
67% enrolled講義よろしくお願いします!ファイルアップロード講義を購入しようとしていますが、パート2はいつ出ますか?
- crehacktiveInstructor
今年下半期までは必ず完了するよう努力いたします。
- ruke240888
Reviews 16
∙
Average Rating 4.3
- jeshurun
Reviews 11
∙
Average Rating 5.0
- youjunglee5462
Reviews 3
∙
Average Rating 4.7
- wh70457329
Reviews 5
∙
Average Rating 4.2
$38.50
crehacktive's other courses
Check out other courses by the instructor!
![ファイル アップロードの脆弱性 高度な攻撃手法 PART2 [統合版]강의 썸네일](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?f=avif&w=420)
Similar courses
Explore other courses in the same field!
